Diffstat (limited to 'ansible/roles')
23 files changed, 167 insertions, 0 deletions
diff --git a/ansible/roles/dc02/tasks/cleanup.yaml b/ansible/roles/dc02/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/dc02/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/dc02/tasks/init.yaml b/ansible/roles/dc02/tasks/init.yaml
new file mode 100644
index 0000000..84b3c3e
--- /dev/null
+++ b/ansible/roles/dc02/tasks/init.yaml
@@ -0,0 +1,3 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
diff --git a/ansible/roles/dc02/tasks/install_software.yaml b/ansible/roles/dc02/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/dc02/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/dc02/tasks/main.yaml b/ansible/roles/dc02/tasks/main.yaml
new file mode 100644
index 0000000..8cdafa8
--- /dev/null
+++ b/ansible/roles/dc02/tasks/main.yaml
@@ -0,0 +1,36 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: execute setup-tree-domain.ps1
+ import_tasks: setup_tree_domain.yaml
+
+- name: reboot after domain setup
+ import_tasks: reboot.yaml
+
+- name: execute dc-wait-for-ready.ps1
+ import_tasks: wait_for_ready.yaml
+
+- name: execute setup-defender-gpo.ps1 as domain admin
+ import_tasks: setup_defender_gpo.yaml
+
+- name: reboot after gpo setup
+ import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
diff --git a/ansible/roles/dc02/tasks/populate_ad.yaml b/ansible/roles/dc02/tasks/populate_ad.yaml
new file mode 100644
index 0000000..e65ab64
--- /dev/null
+++ b/ansible/roles/dc02/tasks/populate_ad.yaml
@@ -0,0 +1,7 @@
+- name: execute populate-ad.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\populate-ad.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ UserPassword: "{{ default_win_user_password }}"
+ SvcPassword: "{{ default_win_svc_password }}"
diff --git a/ansible/roles/dc02/tasks/reboot.yaml b/ansible/roles/dc02/tasks/reboot.yaml
new file mode 100644
index 0000000..f36b168
--- /dev/null
+++ b/ansible/roles/dc02/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ ansible.windows.win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/dc02/tasks/set_hostname.yaml b/ansible/roles/dc02/tasks/set_hostname.yaml
new file mode 100644
index 0000000..d279485
--- /dev/null
+++ b/ansible/roles/dc02/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ tree_dc02_hostname }}" -Force
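Review bot: In roles/dc02/tasks/main.yaml the task list never imports `populate_ad.yaml` or `setup_domain.yaml`, although both are added to the role in this commit; unless a playbook outside this diff includes them they are dead files, and `setup_domain.yaml` carries a literal password. dc03's main.yaml likewise leaves `populate_ad.yaml`, `setup_domain.yaml` and `setup_gpo.yaml` unreferenced. Separately, the imports are written as bare `import_tasks:` while the modules in the role are mostly fully qualified; `ansible.builtin.import_tasks: init.yaml` would match.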
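Review bot: roles/dc02/tasks/populate_ad.yaml passes `UserPassword` and `SvcPassword` as module arguments without `no_log: true`, so the rendered values can appear in verbose output and in any callback or log plugin that records task invocations; add `no_log: true` at task level. As far as I can tell `script` is inline PowerShell text rather than a file path, so `parameters` are bound to that one-line wrapper and may never reach populate-ad.ps1, which is worth confirming on a test run. `DomainName` is `main_domain_name` here while the other dc02 tasks use `tree_domain_name`, which looks like a copy from another role. The same applies to dc03's populate_ad.yaml and to `SafeModePassword` in dc03's setup_domain.yaml.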
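Review bot: roles/dc02/tasks/set_hostname.yaml renames the host with a raw `win_shell: Rename-Computer …`, which is not idempotent and gives the following reboot task nothing to key on. `ansible.windows.win_hostname` with `name: "{{ tree_dc02_hostname }}"` only changes the name when it differs and returns `reboot_required`, so the reboot can be made conditional. `win_shell` is also written without its `ansible.windows.` prefix, unlike the other Windows modules in the role. dc03's set_hostname.yaml has the same shape.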
diff --git a/ansible/roles/dc02/tasks/setup_defender_gpo.yaml b/ansible/roles/dc02/tasks/setup_defender_gpo.yaml
new file mode 100644
index 0000000..18d8042
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_defender_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-defender-gpo.ps1 as domain admin
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ tree_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ tree_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
diff --git a/ansible/roles/dc02/tasks/setup_domain.yaml b/ansible/roles/dc02/tasks/setup_domain.yaml
new file mode 100644
index 0000000..ef8a541
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_domain.yaml
@@ -0,0 +1,2 @@
+- name: execute setup-main-domain.ps1
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-main-domain.ps1 -DomainName "{{ tree_domain_name }}" -SafeModePassword "P4ssw0rd1234!"
diff --git a/ansible/roles/dc02/tasks/setup_tree_domain.yaml b/ansible/roles/dc02/tasks/setup_tree_domain.yaml
new file mode 100644
index 0000000..2067844
--- /dev/null
+++ b/ansible/roles/dc02/tasks/setup_tree_domain.yaml
@@ -0,0 +1,9 @@
+- name: execute setup-tree-domain.ps1
+ ansible.windows.win_shell: >
+ powershell.exe -ExecutionPolicy Bypass
+ -File C:\scripts\setup-tree-domain.ps1
+ -ParentForestRootDomain "{{ main_domain_name }}"
+ -NewTreeDomainName "{{ tree_domain_name }}"
+ -SafeModePassword "P4ssw0rd1234!"
+ -Username Administrator
+ -Password "{{ default_win_password }}"
diff --git a/ansible/roles/dc02/tasks/wait_for_ready.yaml b/ansible/roles/dc02/tasks/wait_for_ready.yaml
new file mode 100644
index 0000000..b077e07
--- /dev/null
+++ b/ansible/roles/dc02/tasks/wait_for_ready.yaml
@@ -0,0 +1,3 @@
+- name: execute dc-wait-for-ready.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\dc-wait-for-ready.ps1
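Review bot: In roles/dc02/tasks/setup_defender_gpo.yaml, `become: yes` relies on YAML 1.1 truthy parsing; `become: true` is the form ansible-lint expects. A short comment naming which account `default_win_password` belongs to would also help, since the same variable is passed as `-Password` in setup_tree_domain.yaml and as the runas password for the domain Administrator here. The same lines appear in dc03's setup_defender_gpo.yaml and setup_gpo.yaml.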
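Review bot: roles/dc02/tasks/setup_domain.yaml commits the DSRM password as the literal `-SafeModePassword "P4ssw0rd1234!"`, while dc03's setup_domain.yaml reads it from `default_win_safemode_password`. Use the variable here too, `-SafeModePassword "{{ default_win_safemode_password }}"`, keep its value in a vaulted vars file, and add `no_log: true` so the rendered command is not echoed in task output. Passing the value as a powershell.exe argument also exposes it to process command-line auditing on the host, if that is enabled. The task calls setup-main-domain.ps1 with `tree_domain_name`, which may be a leftover from the main-domain role.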
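Review bot: roles/dc02/tasks/setup_tree_domain.yaml puts two secrets on a shell command line, the literal `-SafeModePassword "P4ssw0rd1234!"` and `-Password "{{ default_win_password }}"`, with no `no_log: true`. Because `win_shell` already runs the string through PowerShell, a `$`, backtick or `"` in either templated value is interpreted before the inner powershell.exe sees it; `ansible.windows.win_command` avoids that extra parsing layer. Replace the literal with `"{{ default_win_safemode_password }}"` (the variable dc03's setup_domain.yaml uses) and add `no_log: true`. dc03's setup_child_domain.yaml has the same three issues, and its `-ChildDOmainName` should be spelled to match the script's parameter.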
diff --git a/ansible/roles/dc03/tasks/cleanup.yaml b/ansible/roles/dc03/tasks/cleanup.yaml
new file mode 100644
index 0000000..0e59407
--- /dev/null
+++ b/ansible/roles/dc03/tasks/cleanup.yaml
@@ -0,0 +1,3 @@
+- name: execute cleanup.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\cleanup.ps1
diff --git a/ansible/roles/dc03/tasks/init.yaml b/ansible/roles/dc03/tasks/init.yaml
new file mode 100644
index 0000000..84b3c3e
--- /dev/null
+++ b/ansible/roles/dc03/tasks/init.yaml
@@ -0,0 +1,3 @@
+- name: execute init.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\init.ps1
diff --git a/ansible/roles/dc03/tasks/install_software.yaml b/ansible/roles/dc03/tasks/install_software.yaml
new file mode 100644
index 0000000..a5018a8
--- /dev/null
+++ b/ansible/roles/dc03/tasks/install_software.yaml
@@ -0,0 +1,3 @@
+- name: execute install-software.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\install-software.ps1
diff --git a/ansible/roles/dc03/tasks/main.yaml b/ansible/roles/dc03/tasks/main.yaml
new file mode 100644
index 0000000..e487caf
--- /dev/null
+++ b/ansible/roles/dc03/tasks/main.yaml
@@ -0,0 +1,36 @@
+- name: wait for winrm to be available
+ ansible.builtin.wait_for:
+ host: "{{ ansible_host }}"
+ port: "{{ ansible_port }}"
+ timeout: 300
+ delegate_to: localhost
+
+- name: execute init.ps1
+ import_tasks: init.yaml
+
+- name: set hostname
+ import_tasks: set_hostname.yaml
+
+- name: reboot after hostname change
+ import_tasks: reboot.yaml
+
+- name: execute setup-child-domain.ps1
+ import_tasks: setup_child_domain.yaml
+
+- name: reboot after domain setup
+ import_tasks: reboot.yaml
+
+- name: execute dc-wait-for-ready.ps1
+ import_tasks: wait_for_ready.yaml
+
+- name: execute setup-defender-gpo.ps1 as domain admin
+ import_tasks: setup_defender_gpo.yaml
+
+- name: reboot after gpo setup
+ import_tasks: reboot.yaml
+
+- name: execute install-software.ps1
+ import_tasks: install_software.yaml
+
+- name: execute cleanup.ps1
+ import_tasks: cleanup.yaml
diff --git a/ansible/roles/dc03/tasks/populate_ad.yaml b/ansible/roles/dc03/tasks/populate_ad.yaml
new file mode 100644
index 0000000..e65ab64
--- /dev/null
+++ b/ansible/roles/dc03/tasks/populate_ad.yaml
@@ -0,0 +1,7 @@
+- name: execute populate-ad.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\populate-ad.ps1
+ parameters:
+ DomainName: "{{ main_domain_name }}"
+ UserPassword: "{{ default_win_user_password }}"
+ SvcPassword: "{{ default_win_svc_password }}"
diff --git a/ansible/roles/dc03/tasks/reboot.yaml b/ansible/roles/dc03/tasks/reboot.yaml
new file mode 100644
index 0000000..f36b168
--- /dev/null
+++ b/ansible/roles/dc03/tasks/reboot.yaml
@@ -0,0 +1,3 @@
+- name: reboot
+ ansible.windows.win_reboot:
+ reboot_timeout: 3600
diff --git a/ansible/roles/dc03/tasks/set_hostname.yaml b/ansible/roles/dc03/tasks/set_hostname.yaml
new file mode 100644
index 0000000..9f697b7
--- /dev/null
+++ b/ansible/roles/dc03/tasks/set_hostname.yaml
@@ -0,0 +1,2 @@
+- name: set hostname
+ win_shell: Rename-Computer -NewName "{{ child_dc03_hostname }}" -Force
diff --git a/ansible/roles/dc03/tasks/setup_child_domain.yaml b/ansible/roles/dc03/tasks/setup_child_domain.yaml
new file mode 100644
index 0000000..3d8a970
--- /dev/null
+++ b/ansible/roles/dc03/tasks/setup_child_domain.yaml
@@ -0,0 +1,9 @@
+- name: execute setup-child-domain.ps1
+ ansible.windows.win_shell: >
+ powershell.exe -ExecutionPolicy Bypass
+ -File C:\scripts\setup-child-domain.ps1
+ -ParentDomainName "{{ main_domain_name }}"
+ -ChildDOmainName "{{ child_domain_name }}"
+ -SafeModePassword "P4ssw0rd1234!"
+ -Username Administrator
+ -Password "{{ default_win_password }}"
diff --git a/ansible/roles/dc03/tasks/setup_defender_gpo.yaml b/ansible/roles/dc03/tasks/setup_defender_gpo.yaml
new file mode 100644
index 0000000..9813f7b
--- /dev/null
+++ b/ansible/roles/dc03/tasks/setup_defender_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-defender-gpo.ps1 as domain admin
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-defender-gpo.ps1 -DomainName "{{ child_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ child_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
diff --git a/ansible/roles/dc03/tasks/setup_domain.yaml b/ansible/roles/dc03/tasks/setup_domain.yaml
new file mode 100644
index 0000000..64ab8c0
--- /dev/null
+++ b/ansible/roles/dc03/tasks/setup_domain.yaml
@@ -0,0 +1,6 @@
+- name: execute setup-main-domain.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\setup-main-domain.ps1
+ parameters:
+ DomainName: "{{ child_domain_name }}"
+ SafeModePassword: "{{ default_win_safemode_password }}"
diff --git a/ansible/roles/dc03/tasks/setup_gpo.yaml b/ansible/roles/dc03/tasks/setup_gpo.yaml
new file mode 100644
index 0000000..fc44130
--- /dev/null
+++ b/ansible/roles/dc03/tasks/setup_gpo.yaml
@@ -0,0 +1,7 @@
+- name: execute setup-gpo.ps1 as domain admin
+ ansible.windows.win_command: powershell.exe -ExecutionPolicy Bypass -File C:\scripts\setup-gpo.ps1 -DomainName "{{ main_domain_name }}"
+ become: yes
+ become_method: runas
+ become_user: "{{ main_domain_name }}\\Administrator"
+ vars:
+ ansible_become_password: "{{ default_win_password }}"
diff --git a/ansible/roles/dc03/tasks/wait_for_ready.yaml b/ansible/roles/dc03/tasks/wait_for_ready.yaml
new file mode 100644
index 0000000..b077e07
--- /dev/null
+++ b/ansible/roles/dc03/tasks/wait_for_ready.yaml
@@ -0,0 +1,3 @@
+- name: execute dc-wait-for-ready.ps1
+ ansible.windows.win_powershell:
+ script: C:\scripts\dc-wait-for-ready.ps1 |